b"                                MEMORANDUM\n\n                                    October 3 1,2007\n\nTO:            Chairman Cox\n\nFROM:          Nelson Egbert   @\nSUBJECT:       Semi-annual report\n\nAttached is the Office of Inspector General's semi-annual report for the second half of\nfiscal year 2007.\n\n\nAttachment\n\ncc:    Diego Ruiz\n\x0c              Securities and Exchange\n                  Commission\n                       Office of Inspector General\n\n                          Executive Summary\nDuring this period (April 1, 2007 to September 30, 2007), the Office of Inspector General\n(OIG or Office) issued one audit report, two inspection report, and three investigative\nmemoranda on management issues. The Office also completed one special project and one\nsurvey.\nThe Office reviewed contract ratifications, investment company filing initiatives, the\nelectronic documents program, an interactive data initiative, information security under the\nFederal Information Security Management Act (FISMA), verification of bar membership,\nethics training and exit procedures for examiners, and document requests to registrants. The\nAudit Program section below provides more details on our completed and ongoing work.\nThe Office\xe2\x80\x99s investigative program focused on investigating allegations of misconduct by\nCommission staff, including allegations of conflict of interest, misuse of official time and\ncomputer resources, investigative misconduct, retaliatory termination, perjury and false\nstatements, and time and attendance abuse. We closed seven investigations during the\nperiod, referring one subject to Commission management and three subjects to the\nDepartment of Justice (which declined prosecution). Sixteen investigations remained\npending at the end of the period. The Investigative Program section below contains\nadditional information concerning the investigative work performed and describes the\nsignificant cases closed during the period.\nWe are removing one previously reported significant problem (IT management) and\nretaining another previously reported significant problem (staff performance management).\nOur Office has reported information technology management as a significant problem since\n1996. Over the last decade, the Commission has implemented numerous corrective actions to\naddress the problem. In our judgment, IT management as a whole is no longer a significant\nproblem, although it remains a management challenge.\nWe reported the Commission\xe2\x80\x99s management of staff performance as a significant problem in\nour previous semi-annual report. During this period, Commission management took several\nsteps towards implementation of a new, five-level performance management program, and\nfurther steps are planned. These steps are described below in the Significant Problems\nsection.\nNo management decisions were revised during the period. The Office of Inspector General\nagrees with all significant management decisions regarding audit recommendations.\n\x0c                                                                                 PAGE 2\n\n\n\n                                           Audit Program\nThe reviews completed during this period are summarized below, based on the type of\nreview (i.e., audit, inspection, survey, special project, investigative memorandum). A\nsummary of our ongoing work follows the description of completed work.\n\n\nAUDIT\n\n\nInvestment Company Filing Initiatives (No. 421)\nWe reviewed whether the Division of Investment Management (IM) had identified its goals\nfor improving mutual fund disclosure, and the extent to which it was achieving these goals.\nWe found that IM had identified goals and was making progress towards the goals. We\nrecommended that IM identify outcome-based performance indicators for its disclosure\nreform initiatives.\n\n\nINSPECTION\n\n\nElectronic Documents Program (No. 428)\nWe performed a follow-up review of a program to electronically image the Division of\nEnforcement\xe2\x80\x99s evidentiary documents.\nWe found that significant improvements had been made to address technical, quality\ncontrol, and staffing issues identified in our prior review (Memorandum No. 38, issued\nSeptember 13, 2004). We recommended additional improvements, including providing\nmore guidance and training to users, enhanced monitoring of contractor performance,\nconsidering designation of a program manager, and ensuring that background\ninvestigations are performed on contractor employees and that contractors sign non\ndisclosure agreements.\nContract Ratifications (No. 430)\nWe reviewed contract ratifications (management approval of unauthorized commitments of\nfunds) to identify additional controls needed to prevent such ratifications.\nWe found that Commission management had already made considerable effort to increase\nawareness of this issue and to discourage unauthorized commitments. We made several\nrecommendations to enhance this effort, including (1) strengthening existing guidance, (2)\nexamining contracting in the regional offices, (3) adopting best practices, and (4)\nimplementing additional controls to increase accountability for unauthorized commitments.\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                             OCTOBER 31,\n2007\n\x0c                                                                                 PAGE 3\n\n\nSURVEY\n\nInteractive Data Initiative Survey (No. 429)\nWe performed a survey of the Commission\xe2\x80\x99s initiative to assess the benefits of interactive\ndata and its potential for improving the timeliness and accuracy of financial disclosure and\nanalysis of Commission filings. We gathered background information on the project for\naudit planning and identified possible risks to the project.\nSince this was a survey, we did not issue a report. Instead, we briefed management on the\nsurvey results, including the identified risks.\n\n\nSPECIAL PROJECT\n\n\nFISMA 2007\nWe hired a contractor to assist us in evaluating Commission compliance with the Federal\nInformation Security Management Act (FISMA). Rather than issuing a report, we\ncompleted a questionnaire required by the Office of Management and Budget.\nConsistent with our FISMA work in 2006, we found that the Commission has continued to\nmake progress in developing a mature information security program, and has addressed\nmany security vulnerabilities identified in prior assessments.\n\n\nINVESTIGATIVE MEMORANDA\n\nVerification of Bar Membership (G-454)\nDuring an investigation, we learned that bar membership is not routinely verified for new\nhire attorneys, but only for law clerks who pass the bar and are converted to attorney\npositions.\nWe recommended that the Office of Human Resources improve its controls to ensure bar\nmembership is verified before a new attorney begins work at the Commission.\nExaminer Ethics Training and Exit Procedures (G-460).\nDuring an investigation, we learned that some examiners may not have received ethics\ntraining, including training on the rules for negotiating and accepting employment with the\nSelf-Regulatory Organizations (SRO).\nWe recommended that the Offices of Compliance Inspections and Examinations (OCIE) and\nthe General Counsel provide appropriate training to examiners and to ethics liaisons who\nadvise examiners. We also recommended that OCIE revise the exit interview worksheet for\nexaminers to cover acceptance of SRO employment.\n\nS E C O I G S E M I - AN N U A L R E P O R T                             OCTOBER 31,\n2007\n\x0c                                                                                   PAGE 4\n\n\n\n\nDocument Requests to Registrants (G-449)\nDuring an investigation, we learned that a regional office did not have written guidance for\nissuing letters to registrants when the registrants fail to produce documents requested\nduring examinations. The regional office issued a \xe2\x80\x9cfailure to produce\xe2\x80\x9d letter to a registrant\nthat later was rescinded. The letter mentioned the possibility of a referral to the Division of\nEnforcement.\nWe recommended that the Office of Compliance Inspections and Examinations (OCIE) issue\nguidance on informing registrants of a possible or actual referral to Enforcement. We also\nrecommended that the guidance be included in OCIE\xe2\x80\x99s training for examiners.\n\n\nONGOING WORK\nAt the close of this semi-annual period (September 30, 2007), the Office had ongoing\nreviews of service level agreements in an IT contract, receiver oversight, referrals from the\nDivision of Corporation Finance to the Division of Enforcement, background investigations,\nthe internal website of the Division of Investment Management, a physical security issue,\nand Self-Regulatory Organization rulemaking.\n\n\n\n                                    Investigative Program\nSeven investigations were closed during the period. We referred three subjects to the\nDepartment of Justice, which declined prosecution. One subject was referred to\nCommission management, which decided to take no disciplinary action. One subject of an\ninvestigation closed during the period resigned. One subject referred during a prior period\nwas suspended. Sixteen investigations were pending at the end of the period.\nAt our request, investigative staff from the Office of the Inspector General of the Federal\nDeposit Insurance Corporation (FDIC OIG) conducted one of the investigations closed\nduring the period, due to our need for additional investigative resources. We appreciate the\nassistance provided by the FDIC OIG.\nThe most significant cases closed during the period are described below.\n\n\nCONFLICT OF INTEREST\nTwo investigations closed during the period involved allegations of conflict of interest. In\none matter, an Office investigation developed evidence that a Commission examiner\nnegotiated and accepted employment with an entity that had a financial interest in an\nexamination in which the examiner personally and substantially participated while\nnegotiating and accepting employment. We found no evidence, however, that the examiner\ngave any favorable treatment to the entity in the examination. We referred the matter to\nthe Department of Justice, which declined prosecution. As discussed in the Audit Program\nS E C O I G S E M I - AN N U A L R E P O R T                               OCTOBER 31,\n2007\n\x0c                                                                               PAGE 5\n\n\nsection, we made recommendations to management for improvements in examiner ethics\ntraining and exit procedures.\nIn the other matter, the FDIC OIG at our request investigated allegations that a\nCommission employee secretly assisted a private company with its SEC filings and had\nbeen promised a future position on the company\xe2\x80\x99s board and stock. The FDIC OIG found\nthat the employee had received and declined an employment offer, but found insufficient\nevidence that the employee improperly assisted the company or that the company had\ngained any unfair advantage. The Department of Justice declined to open a case in the\nmatter.\n\n\nMISUSE OF COMPUTER RESOURCES\nAn Office investigation developed evidence that a staff member had used his Commission\ncomputer and official time to access numerous Internet websites containing pornography.\nWe also found evidence that the employee had downloaded large quantities of pornographic\nimages to his Commission computer and saved many of these images to CDs and/or DVDs.\nThe employee resigned prior to our completion of the investigation. We provided selected\nimages to the Federal Bureau of Investigation\xe2\x80\x99s Innocent Images National Initiative for\nanalysis as possible child pornography. After analyzing the images, the FBI declined to\npursue the matter.\n\n\nINVESTIGATIVE MISCONDUCT\nThe Office conducted two investigations into allegations of misconduct during Commission\nenforcement investigations. In one of these matters, it was alleged that a Commission\nattorney misled the Commission regarding the facts of an investigation and improperly\nattempted to influence the testimony of witnesses. The other matter involved allegations\nthat a Commission attorney had subpoenaed an individual\xe2\x80\x99s financial records in retaliation\nfor his prior complaint about the conduct of a Commission examiner, and that the attorney\nfiled false statements in federal court in support of that subpoena. In both matters, we\nfound that the evidence did not substantiate the allegations.\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                            OCTOBER 31,\n2007\n\x0c                                                                                 PAGE 6\n\n\n\n                                     Significant Problems\nNo new significant problems were identified during the reporting period.\n\n\n\n           Significant Problems Identified Previously\n\nINFORMATION TECHNOLOGY MANAGEMENT\nSince April 1996, we have reported information technology (IT) management as a\nsignificant problem based on weaknesses identified by several audits, investigations, and\nmanagement studies. Significant IT management weaknesses included information\nsystems security, IT capital investment decision-making, administration of IT contracts, IT\nproject management, enterprise architecture management, strategic management of IT\nhuman capital, and management of software licenses.\nSince this problem was identified, the Commission has taken numerous actions to improve\nIT management, as reflected in our prior semi-annual reports. We no longer consider IT\nmanagement taken as a whole to be a significant problem, although it remains a\nmanagement challenge (in view of IT\xe2\x80\x99s significance and the need for further improvements).\n\n\nSTAFF PERFORMANCE MANAGEMENT\nIn the prior semi-annual period, the Office identified a significant problem with the\nCommission\xe2\x80\x99s staff performance management system. The Commission plans to adopt a\nnew performance management program to address the deficiencies, starting with managers\nin fiscal year 2008 and continuing with staff in fiscal year 2009.\nThe Office of Human Resources (OHR) indicated that it is developing a new, five level\nperformance management program for the Commission. Among other steps, it has piloted\nthe new program with all OHR staff, developed training materials, conducted two pilot\ntraining sessions for managers, and drafted a performance management policy. Planned\nadditional steps include completing development of web-based training, developing\nperformance management templates for offices and divisions, and building an\ninfrastructure for training employees.\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                               OCTOBER 31,\n2007\n\x0c                                                                                  PAGE 7\n\n\n\n                                    Access to Information\nThe Office of Inspector General has received access to all information required to carry out\nits activities. No reports to the Chairman, concerning refusal of such information, were\nmade during the period.\n\n\n\n                                               Other Matters\n\nEXTERNAL COORDINATION\nThe Office actively participates in the activities of the Executive Council on Integrity and\nEfficiency (ECIE). The Acting Inspector General attends ECIE meetings and is a member\nof its Financial Institutions Regulatory Committee.\nThe Deputy Inspector General is a member of the Federal Audit Executive Council (FAEC).\nThe FAEC considers audit issues relevant to the Inspector General community.\nThe Counsel to the Inspector General is a Vice-Chair of the PCIE Council of Counsels and\nthe Associate Counsels are members of the Council. The Council considers legal issues\nrelevant to the Inspector General community.\n\n\nRETIREMENT OF INSPECTOR GENERAL\nThe Office\xe2\x80\x99s Inspector General, Walter Stachnik, retired during this semi-annual period.\nMr. Stachnik served as the Office\xe2\x80\x99s Inspector General since the Office was established in\nMarch 1989.\nAs of the date of this report, a permanent replacement for Mr. Stachnik had not yet been\nappointed. The Deputy IG is currently serving as the Acting Inspector General.\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                              OCTOBER 31,\n2007\n\x0c                                                                       PAGE 8\n\n\n\n\n                                      Questioned Costs\n\n                                                             DOLLAR VALUE\n                                                            (IN THOUSANDS)\n\n\n                                                         UNSUPPORTED     QUESTIONED\n                                               NUMBER       COSTS          COSTS\nA          For which no management decision\n           has been made by the\n           commencement of the reporting         0            0                 0\n           period\n\nB          Which were issued during the\n           reporting period\n                                                 0            0                 0\n\n           Subtotals (A+B)                       0            0                 0\n\nC          For which a management decision       0            0                 0\n           was made during the reporting\n           period\n\n    (i)    Dollar value of disallowed costs      0            0                 0\n\n    (ii)   Dollar value of costs not             0           0                  0\n           disallowed\n\nD          For which no management               0           0                  0\n           decision has been made by the end\n           of the period\n\n           Reports for which no management       0           0                  0\n           decision was made within six\n           months of issuance\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                     OCTOBER 31,\n2007\n\x0c                                                                        PAGE 9\n\n\n\n\n              Recommendations That Funds Be Put To\n                        Better Use\n                                                              DOLLAR VALUE\n                                                    NUMBER   (IN THOUSANDS)\nA\t           For which no management decision\n             has been made by the commencement\n                                                      0             0\n             of the reporting period\nB\t           Which were issued during the\n             reporting period\n                                                       0            0\n\n\n             Subtotals (A+B)            \t              0            0\nC\t           For which a management decision          0             0\n             was made during the period\n      (i) \t Dollar value of recommendations that      0             0            \n\n            were agreed to by management \n\n         -\t Based on proposed management              0             0\n            action\n         -\t Based on proposed legislative action      0             0\n      (ii) \t Dollar value of recommendations that     0             0            \n\n             were not agreed to by management \n\nD\t           For which no management decision\n             has been made by the end of the\n                                                      0             0\n             reporting period\n             Reports for which no management\n             decision was made within six months\n                                                      0             0\n             of issuance\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T   \t                OCTOBER 31,\n2007\n\x0c                                                                              PAGE 10\n\n\n\n\n           Reports with No Management Decisions\nManagement decisions have been made on all audit reports issued before the beginning of\nthis reporting period (April 1, 2007).\n\n\n\n                     Revised Management Decisions\nNo management decisions were revised during the period.\n\n\n\n          Agreement with Significant Management \n\n                        Decisions\n\nThe Office of Inspector General agrees with all significant management decisions regarding\naudit recommendations.\n\n\n\n\nS E C O I G S E M I - AN N U A L R E P O R T                           OCTOBER 31,\n2007\n\x0c                       MANAGEMENT RESPONSE OF\n\n               THE SECURITIES AND EXCHANGE COMMISSION \n\n     ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL \n\n         FOR THE PERIOD APRIL 1, 2007 THROUGH SEPTEMBER 30, 2007 \n\n\n\nIntroduction\n\nThe Semiannual Report of the Inspector General of the Securities and Exchange Commission\n(SEC) was submitted to the Chairman on October 31, 2007 as required by the Inspector General\nAct of 1978, as amended. The report has been reviewed by a member of the Executive Staff, as\nwell as the Executive Director, General Counsel, and Director of the Division of Enforcement.\nThe Management Response is based on their views and consultation with the Chairman.\n\nThe Management Response is divided into four sections to reflect the specific requirements\nlisted in Section 5(b) of the Inspector General Act of 1978, as amended.\n\n                                        Section I                                                  \n\n                   Comments Keyed to Significant Sections of the IG Report \n\n\nA.   Audit Program\n\n     During the reporting period, the Office of Inspector General (OIG) issued one audit report,\n     two inspection reports, and three investigative memoranda on management issues. The\n     Office also completed one special project and one survey. Management generally\n     concurred with the findings and recommendations in the OIG\xe2\x80\x99s reports.\n\n     In addition to audits performed by the OIG, the Government Accountability Office (GAO)\n     actively reviewed program and administrative functions of the SEC. A complete listing of\n     all GAO audit activity involving the SEC is attached as Appendix A.\n\nB.   Response to Significant Problems\n\n     No new significant problems were identified.\n\nC.   Response to Significant Problems Previously Identified\n\n     Performance Management Program\n\n     The OIG identified the SEC\xe2\x80\x99s performance management system as a significant problem\n     previously reported. The SEC is currently engaged in an initiative to implement a\n     completely new performance management process. This initiative began in 2005 when the\n     pay and benefits agreement with the National Treasury Employees Union (NTEU) expired.\n     The SEC and the NTEU negotiated on this and other issues throughout 2005 and 2006 and\n     were unable to reach consensus on the pay for performance elements of the performance\n     management process. The parties went to mediation and ultimately, a ruling from the\n\x0c     Federal Services Impasse Panel (FSIP) issued in October 2006 allowed the SEC to begin\n     implementing the new system.\n\n     In designing the new system, the SEC researched all available guidance regarding\n     performance management system design from the Office of Personnel Management\n     (OPM), Office of Management and Budget, and Government Accountability Office. The\n     SEC also completed an extensive review of best practices in both the government and\n     private sectors. The existing performance management system was submitted to OPM for\n     review using the Performance Appraisal Assessment Tool (PAAT) to identify current\n     weaknesses and to plan improvements. The SEC has also created a joint committee with\n     NTEU to make recommendations. After the design of the new system was completed, the\n     design was submitted to OPM for the PAAT review to ensure design effectiveness.\n\n     The new system has three major components: (1) an objective component where specific\n     measurable objectives for each individual are established at the beginning of the\n     performance cycle; (2) a competency component where the underlying knowledge, skills,\n     and behaviors needed to accomplish performance objectives are evaluated; and (3) a\n     development component where employees and managers identify career development\n     opportunities. The timing of the performance cycle also will be adjusted in the new system\n     to align with the fiscal year.\n\n     In preparation for implementing this new system, the SEC piloted the system for one year\n     in the agency\xe2\x80\x99s Office of Human Resources (OHR). This pilot program included periodic\n     focus group discussions with a third-party contractor, after the initial training, at the six-\n     month point and is scheduled to be concluded with a final focus group discussion when the\n     performance cycle ends at the end of the fiscal year. During these focus groups, select\n     employees were asked to provide feedback on the effectiveness of the new system. At the\n     six-month point, adjustments were made to the system based on this feedback.\n\n     In preparation for the agency-wide rollout, two groups of senior executives and managers\n     were presented with the training associated with the system. Improvement feedback was\n     solicited from this group and the training design is being finalized.\n\n     In fiscal year 2008, the SEC plans to implement the new system with all executives and\n     managers. In fiscal year 2009, it is anticipated that all SEC employees will be covered by\n     the new system.\n\nD.   IG Recommendations Concerning Use of Funds\n\n     None.\n\n\n\n\n                                                2\n\n\x0cE. \t Reports with No Management Decisions\n\n    Management decisions have been made on all audits issued prior to the beginning of the\n    reporting period (April 1, 2007).\n\nF. \t Revised Management Decisions\n\n    No management decisions were revised during the reporting period.\n\n\n\n\n                                             3\n\n\x0cSEC Management Response to\nSemiannual IG Report\nApril 1, 2007 \xe2\x80\x93 September 30, 2007\n\n\n                                          SECTION II\n\n                                        Disallowed Costs                                 \n\n                                    As of September 30, 2007 \n\n\n\n                                                                        Dollar Value\n                                                           Number       (in thousands)\n\nA. \t   For which final action has\n       not been taken by the\n       commencement of the\n       reporting period                                     0                  $0\n\nB. \t   On which management decisions\n       were made during the reporting\n       period                                               0                  $0\n\n       (Subtotal A+B)        \t                              0                  $0\n\nC. \t   For which final action was\n       taken during the reporting\n       period                                               0                  $0\n\n       (i)    Recovered by management            \t          0                  $0\n\n       (ii)   Disallowed by management                      0       \t          $0\n\nD. \t   For which no final action has\n       been taken by the end of the\n       reporting period                                     0                  $0\n\n\n\n\n                                               4\n\n\x0cSEC Management Response to\nSemiannual IG Report\nApril 1, 2007 \xe2\x80\x93 September 30, 2007\n\n\n                                           SECTION III                              \n\n                                      Funds Put to Better Use \n\n                                     As of September 30, 2007 \n\n\n\n                                                                   Dollar Value\n                                                          Number   (in thousands)\n\nA. \t   For which final action has\n       not been taken by the\n       commencement of the\n       reporting period                                     0             $0\n\nB. \t   On which management decisions\n       were made during the reporting\n       period                                               0             $0\n\nC. \t   For which final action was\n       taken during the reporting\n       period:\n\n       (i) \t    Dollar value of recom\n                mendations that were\n                agreed to by management                     0             $0\n\n       (ii) \t   Dollar value of recom\n                mendations that management\n                has subsequently concluded\n                should/could not be\n                implemented or completed                    0             $0\n\nD. \t   For which no final action has been\n       taken by the end of the reporting period             0             $0\n\n\n\n\n                                                  5\n\n\x0c                                                                                           SEC Management Response to\n                                                                                           Semiannual IG Report\n                                                                                           April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n                                                         SECTION IV\n\n                                             Open Audit Reports Over One Year Old \n\n                                                   As of September 30, 2007 \n\n\n\n                                                  Funds Put to\n                                                  Better Use            Questioned Costs\nAudit #   Audit Title               Issued        (in thousands)         (in thousands)    Reason Final Action Not Taken\n\n220 \t     IRM Planning and\n          Execution                 3/26/1996        $0                       $0           Efforts are underway to complete the IT\n                                                                                           Policy Library, a web-based tool that\n                                                                                           contains IT-related policies and guidance.\n                                                                                           The target completion date is March 31,\n                                                                                           2008.\n\n320 \t     General Computer Controls 12/26/2000       $0                       $0           The overall recommendation is centered\n                                                                                           around the on-boarding and off-boarding\n                                                                                           of staff and contractors. A pilot system\n                                                                                           is in production, and full deployment is\n                                                                                           being coordinated with the HSPD-12\n                                                                                           government-wide initiative. In addition,\n                                                                                           revisions have been made to the SEC\xe2\x80\x99s\n                                                                                           systems security plans to address this\n                                                                                           requirement, as well as other NIST security\n                                                                                           standards, at the application level.\n\n                                                                   6\n\n\x0c                                                                                           SEC Management Response to\n                                                                                           Semiannual IG Report\n                                                                                           April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n                                                         SECTION IV\n\n                                             Open Audit Reports Over One Year Old \n\n                                                   As of September 30, 2007 \n\n\n\n                                                  Funds Put to\n                                                  Better Use            Questioned Costs\nAudit #   Audit Title               Issued        (in thousands)        (in thousands)         Reason Final Action Not Taken\n\n337       \tIT Project Management    1/24/2002        $0                       $0               Formal policies are being completed.\n\n365\t      IT Capital Investment\n          Decision-making Follow-up 3/29/2004        $0                       $0               During the reporting period, a formal\n                                                                                               charter was issued for the IT Capital\n                                                                                               Planning Committee, which\n                                                                                               makes final investment funding decisions\n                                                                                               based on, among other things,\n                                                                                                recommendations from the\n                                                                                               SEC\xe2\x80\x99s Information Officers\xe2\x80\x99 Council\n                                                                                               (IOC). A formal charter is now being\n                                                                                               developed for the IOC.\n\n376       \tTelephone Card Program   11/17/2003       $0                       $0               See explanation for audit #220.\n\n\n\n\n                                                                   7\n\n\x0c                                                                                                  SEC Management Response to\n                                                                                                  Semiannual IG Report\n                                                                                                  April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n\n                                                                SECTION IV\n\n                                                    Open Audit Reports Over One Year Old \n\n                                                          As of September 30, 2007 \n\n\n\n                                                      Funds Put to\n                                                      Better Use            Questioned Costs\nAudit #   Audit Title                   Issued        (in thousands)         (in thousands)     Reason Final Action Not Taken\n\n377\t      Lost and Stolen\n          Securities Program            3/31/2004         $0                      $0            Management has scheduled a full\n                                                                                                risk assessment of the program\xe2\x80\x99s database.\n\n393       \tSoftware Management          3/24/2005         $0                      $0            A working group has been established to\n                                                                                                develop specific procedures and policies\n                                                                                                recommended by this audit. In the\n                                                                                                meantime, an interim policy has been\n                                                                                                issued.\n\n395\t      Integrity Program\xe2\x80\x94\n          Inspection of Field Offices   5/31/2005         $0                      $0            Revisions are expected to be made to \n\n                                                                                                the draft employee handbook. \n\n\n\n\n                                                                                               SEC Management Response to\n                                                                       8\n\n\x0c                                                                                          Semiannual IG Report\n                                                                                          April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n                                                         SECTION IV\n                                             Open Audit Reports Over One Year Old\n                                                   As of September 30, 2007\n\n\n                                                  Funds Put to\n                                                  Better Use           Questioned Costs\nAudit #   Audit Title                             (in thousands)        (in thousands)     Reason Final Action Not Taken\n\n402       Office of the Secretary    9/20/2005       $0                      $0            Staff is analyzing data from a needs\n                                                                                           assessment completed during the reporting\n                                                                                           period to help determine how to meet the\n                                                                                           OIG\xe2\x80\x99s audit recommendations. In addition,\n                                                                                           a policy is being developed to address the\n                     Issued                                                                updating and posting of public forms on the\n                                                                                           SEC\xe2\x80\x99s website.\n\n406       Federal Information\n           Security Management\n           Act\xe2\x80\x942005                                  $0                      $0            Most of the recommendations have been\n                                                                                           implemented. With regard to the one\n                                                                                           remaining recommendation, Privacy Impact\n                                                                                           Assessments are underway for all\n                                                                                           applications with an expected completion\n                         9/28/2005                                                         date of March 2008.\n\n\n\n                                                                   9\n\x0c                                                                                           SEC Management Response to\n                                                                                           Semiannual IG Report\n                                                                                           April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n                                                        SECTION IV\n\n                                            Open Audit Reports Over One Year Old \n\n                                                  As of September 30, 2007 \n\n\n\n                                                 Funds Put to\n                                                 Better Use             Questioned Costs\nAudit #   Audit Title              Issued        (in thousands)           (in thousands)    Reason Final Action Not Taken\n\n408       IM Exemptive \n\n          Application Processing   9/29/2006        $0                        $0 \n          Work is underway to determine whether\n                                                                                            and how the Commission\xe2\x80\x99s rule pertaining\n                                                                                            to employee securities companies should\n                                                                                            be updated.\n\n412       Oversight of PCAOB       9/28/2006        $0                        $0            A number of procedures will need to be\n                                                                                            developed as the Commission\xe2\x80\x99s oversight\n                                                                                            of the PCAOB matures. The staff has\n                                                                                            begun developing procedures by drafting a\n                                                                                            proposed rule on the PCAOB\xe2\x80\x99s budget\n                                                                                            approval process.\n\n\n\n\n                                                                  10\n\n\x0c                                                                                         SEC Management Response to\n                                                                                         Semiannual IG Report\n                                                                                         April 1, 2007 \xe2\x80\x93 September 30, 2007\n\n                                                       SECTION IV\n                                           Open Audit Reports Over One Year Old\n                                                 As of September 30, 2007\n\n\n                                                Funds Put to\n                                                Better Use            Questioned Costs\nAudit #   Audit Title                           (in thousands)          (in thousands)    Reason Final Action Not Taken\n\n425       FISMA 2006                               $0                       $0            Remaining actions evolve around\n                                                                                          evaluating the reclassification of the\n                                                                                          inventory of applications, improving the\n                                                                                          processes for documenting applications\n                                                                                          and systems, and conducting Privacy\n                    Issued                                                                Impact Assessments for the full inventory\n                        9/18/2006\n                                                                                          of systems and applications.\n\nPI-6-17   Workplace Violence\n          Prevention Program                       $0                       $0            An updated policy is being drafted.\n                                                                                          After the policy is approved and\n                                                                                          communicated to staff, training\n                               3/27/2006                                                  sessions will commence.\n\n\n\n\n                                                                 11\n\x0c                                                         SECTION IV\n                                             Open Audit Reports Over One Year Old\n                                                   As of September 30, 2007\n\n\n                                                  Funds Put to\n                                                  Better Use             Questioned Costs\nAudit #   Audit Title               Issued        (in thousands)           (in thousands)   Reason Final Action Not Taken\n\nM27       NRSI Password\n           Management                                $0                        $0           The streamlining and automation of SEC\xe2\x80\x99s\n                                                                                            process for requesting, validating, granting,\n                                                                                            and revoking user access to the agency\xe2\x80\x99s\n                                                                                            IT systems is being addressed by the\n                                                                                            Federal Identity Management project.\n                        1/29/2003\n\n\n\n\n                                                                   12\n\n\x0c                                                                     APPENDIX A\n\n\n                        Government Accountability Office Audit Activity\n\n                       Involving the Securities and Exchange Commission \n\n\n\nReports Issued During the Reporting Period\n\nInternal Control: Improvements Needed in SEC\xe2\x80\x99s Accounting and Operational Procedures,\nGAO-07-482R, Apr. 3, 2007\n\nFinancial Regulators: Agencies Have Implemented Key Performance Management\nPractices, but Opportunities for Improvement Exist, GAO-07-678, June 2007\n\nDefined Benefit Pensions: Conflicts of Interest Involving High Risk or Terminated Plans\nPose Enforcement Challenges, GAO-07-703, June 2007\n\nCredit Derivatives: Confirmation Backlogs Increased Dealers\xe2\x80\x99 Operational Risks, but Were\nSuccessfully Addressed after Joint Regulatory Action, GAO-07-716, June 2007\n\nCorporate Shareholder Meetings: Issues Relating to Firms that Advise Institutional Investors\non Proxy Voting, GAO-07-765, June 2007\n\nSecurities and Exchange Commission: Additional Actions Needed to Ensure Planned\nImprovements Address Limitations in Enforcement Division Operations, GAO-07-830, Aug.\n2007\n\nSecurities and Exchange Commission: Steps Being Taken to Make Examination Program\nMore Risk-Based and Transparent, GAO-07-1053, Aug. 2007\n\n\nProjects Active as of September 30, 2007\n\n   1.\t Federal Entity Governance Structures (194737). A review of the governance\n       structure at designated federal entities and the inspector general\xe2\x80\x99s role and reporting\n       relationship with the governance structures.\n\n   2.\t IRAs (130799). A review of the role and effectiveness of IRAs in facilitating\n       retirement savings.\n\n   3.\t Private Equity Markets (250358). A review of private equity markets and the\n       current state of supervision and regulation.\n\n   4.\t U.S. Pension Plan Investment in Hedge Funds (130664). A review focused on the\n       extent public and private sector pension plan sponsors invest in hedge funds and the\n       net returns of these funds relative to other types of investments.\n\x0c5.\t Currency Transaction Reports (250329). A study of the currency transaction report\n    filing patterns of depository institutions, the regulatory burden, if any for\n    depository institutions in meeting filing requirements, how currency transaction\n    reports have been useful to law enforcement and other users, and the options, if\n    any, that exist for changing currency requirements.\n\n6.\t Home Mortgage Foreclosures (250347). A review of recent trends in home\n    mortgage foreclosures, the primary and secondary mortgage markets, and possible\n    options for mortgage market participants, financial regulators, and policymakers in\n    responding to recent foreclosure trends.\n\n7.\t SEC Oversight of SROs (250326). A review of the SEC\xe2\x80\x99s oversight of self-\n    regulatory organizations and its inspection and examination process.\n\n8.\t Institution Diversity and Consolidation (250328). A study regarding the diversity\n    and complexity of the banking and financial services industries, the current\n    regulatory structure for these industries, and the costs associated with regulatory\n    compliance.\n\n9.\t Competition in the Accounting Profession (250321). An examination of recent\n    changes in the market for public company auditors, recent changes in the level of\n    competition in the market and auditor choices for public companies, trends in audit\n    costs and quality, the impact of concerns over access to capital formation and\n    securities markets on companies\xe2\x80\x99 choice of auditors, and challenges faced by mid-\n    sized and smaller auditing firms in serving the market for audit and other services\n    to public companies.\n\n10. Hedge Funds and SEC Oversight (250313). A review of the evolution of the hedge\n    fund industry in terms of growth, investment strategies and fee structures; SEC\n    oversight of hedge funds and financial regulators\xe2\x80\x99 oversight of counterparties;\n    disclosure requirements; potential implications of ERISA amendments related to\n    hedge funds; and the applicability of legislative reforms suggested by the\n    President\xe2\x80\x99s Working Group after Long-Term Capital Management.\n\n11. SEC Oversight of Corporate Governance Ratings (250312). A review of the SEC\xe2\x80\x99s\n    oversight of firms that provide proxy advisory services and corporate governance\n    ratings.\n\n12. Credit Derivatives (250310). A review of the use of information technology\n    systems in the credit derivatives markets.\n\n13. Financial Markets Preparation Follow-on (250285). A review of the progress made\n    by U.S. financial regulators and market participants to increase their security and\n\n\n                                         2\n\n\x0c   resiliency against attacks or other disasters, as well as to follow-up on issues and\n   recommendations made from GAO\xe2\x80\x99s prior reports.\n\n14. Financial Statement Audit (194571). An audit of the SEC\xe2\x80\x99s 2006 financial\n    statements.\n\n15. Utility Oversight (360719). A study of FERC\xe2\x80\x99s efforts to assume responsibilities\n    for protecting consumers and investors previously under the jurisdiction of the\n    SEC.\n\n16. Energy Futures (250256) and Natural Gas Prices (360659). The first assignment is\n    a review of the CFTC\xe2\x80\x99s oversight of futures trading in energy. The second\n    assignment is a review of the factors that affect natural gas price volatility and the\n    Federal Government\xe2\x80\x99s role in ensuring that prices are determined in a competitive\n    market. GAO\xe2\x80\x99s discussions with SEC concern the SEC\xe2\x80\x99s equities market\n    surveillance, staff report entitled, \xe2\x80\x9cImplications of the Growth of Hedge Funds in\n    September 2003,\xe2\x80\x9d and how the role played by hedge funds in the financial markets\n    has changed.\n\n\n\n\n                                          3\n\n\x0c"